Investigate Flash Loan Txn

Summary

Flash loan transactions are a very common form of exploit on the blockchain. Here we investigate an actual on-chain incident in which funds were stolen and moved to a rogue wallet.

Blockscope Tools we will use

| Action | Tool Used |
| --- | --- |
| Decode the initial transaction | Blockscope Transaction Decoder |
| Trace the stolen funds | Blockscope Token Tracer |
| Check wallet for balance | Blockscope Wallet Profiler |
| Find associated wallets | Blockscope Wallet Profiler |
| Set up real-time monitoring of the wallet holding the stolen funds | Blockscope Watchtower |

Customer Types

The following customer types would be interested in conducting on-chain investigations similar to the one we are about to conduct.

  • Institutions

  • Government Agencies

  • Regulators

  • Forensics Teams

Investigation

1) Investigation entry point: search for the blockchain transaction.

2) We can see that Blockscope was able to decode most of the on-chain data.

3) Let's look at the top addresses, protocols and tokens involved in this transaction.

4) The first red flag is the presence of the Self Destruct function.

5) We can see all the known (green) and unknown (red/orange) accounts. This high-level view tells us which protocols and tokens were used.

6) Filtering the interactions down to transfers of ERC-20 and native tokens lets us trace the stolen funds to 1 particular account. We can now focus on tracing the funds in and out of that account using the Tracer Tool.

7) We can see the 65 ETH that moved into this account and its subsequent movement to Kyberswap and another contract.

8) Further analysis shows that this user is a repeat exploiter who has gained 962 ETH from past exploits, worth over 2M USD today.

9) Using Wallet Profiler, we check the wallet's holdings and see that it still had the 2M worth of Ether.

10) Looking at the very first transaction, we see that the user supplied funds via an account that used Tornado Cash on Feb 14, 2020. This was probably an attempt to keep their identity hidden by using funds that went through Tornado Cash.

11) With a few clicks, we've set up monitoring using Blockscope's Watchtower tool.

12) We will be notified in real time of any new activity from this wallet.
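The filtering in steps 4 and 6, sketched as an added example (not Blockscope's code): it reduces one transaction's ERC-20 Transfer logs and value-carrying call frames to net flows per address and collects any SELFDESTRUCT frames. The input shapes (an RPC-style log list and a nested call trace with type/from/to/value/calls fields), the addresses and the amounts are constructed assumptions.

```python
from collections import defaultdict

# keccak256("Transfer(address,address,uint256)"): topic0 of every ERC-20 Transfer log
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
MOVES_ETHER = ("CALL", "CREATE", "CREATE2", "SELFDESTRUCT")  # not DELEGATECALL/STATICCALL

def walk(frame):
    """Yield every frame of a nested call trace, depth first."""
    yield frame
    for child in frame.get("calls", []):
        yield from walk(child)

def net_flows(logs, trace):
    """Return ({(address, asset): net amount}, [SELFDESTRUCT frames])."""
    flows, selfdestructs = defaultdict(int), []
    for log in logs:
        topics = log["topics"]
        # ERC-20 Transfer carries 3 topics; ERC-721 reuses the signature with 4
        if len(topics) != 3 or topics[0] != TRANSFER_TOPIC:
            continue
        amount, token = int(log["data"], 16), log["address"].lower()
        # indexed addresses are left-padded to 32 bytes: keep the last 20
        flows[("0x" + topics[1][-40:].lower(), token)] -= amount
        flows[("0x" + topics[2][-40:].lower(), token)] += amount
    for frame in walk(trace):
        if frame["type"] == "SELFDESTRUCT":
            selfdestructs.append(frame)  # the red flag from step 4
        value = int(frame.get("value", "0x0"), 16)
        if value and frame["type"] in MOVES_ETHER:
            flows[(frame["from"].lower(), "ETH")] -= value
            flows[(frame["to"].lower(), "ETH")] += value
    return dict(flows), selfdestructs

def top_recipient(flows, asset):
    """Address with the largest net inflow of one asset, or None."""
    gains = {addr: v for (addr, a), v in flows.items() if a == asset and v > 0}
    return max(gains, key=gains.get) if gains else None

# Constructed sample data (hypothetical addresses, not the incident on this page)
LENDER, POOL, CONTRACT, WALLET = ("0x" + c * 40 for c in "abcd")
TOKEN = "0x" + "e" * 40
def transfer_log(src, dst, amount):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": TOKEN, "topics": [TRANSFER_TOPIC, pad(src), pad(dst)], "data": hex(amount)}
LOGS = [transfer_log(LENDER, CONTRACT, 1000), transfer_log(CONTRACT, LENDER, 1000)]
TRACE = {"type": "CALL", "from": WALLET, "to": CONTRACT, "value": "0x0", "calls": [
    {"type": "CALL", "from": POOL, "to": CONTRACT, "value": hex(65 * 10**18)},
    {"type": "SELFDESTRUCT", "from": CONTRACT, "to": WALLET, "value": hex(65 * 10**18)}]}
flows, destructs = net_flows(LOGS, TRACE)
print(top_recipient(flows, "ETH"), len(destructs))
```

In the sample, the borrowed tokens net to zero once the loan is repaid, so the only address left with a positive balance change is the wallet that received the ether.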
